Vulnerabilities > EQ 3 > Homematic Ccu3 Firmware > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-07-22 CVE-2021-33032 OS Command Injection vulnerability in Eq-3 Homematic Ccu2 Firmware
A Remote Code Execution (RCE) vulnerability in the WebUI component of the eQ-3 HomeMatic CCU2 firmware up to and including version 2.57.5 and CCU3 firmware up to and including version 3.57.5 allows remote unauthenticated attackers to execute system commands as root via a simple HTTP request.
network
low complexity
eq-3 CWE-78
critical
 10.0
10
2019-10-17 CVE-2019-15850 Missing Authorization vulnerability in Eq-3 Homematic Ccu3 Firmware 3.41.11
eQ-3 HomeMatic CCU3 firmware version 3.41.11 allows Remote Code Execution in the ReGa.runScript method.
network
low complexity
eq-3 CWE-862
critical
 9.0
9.0
2019-08-13 CVE-2019-14986 Unspecified vulnerability in Eq-3 Homematic Ccu2 Firmware and Homematic Ccu3 Firmware
eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn before 2.3.0 installed allow administrative operations by unauthenticated attackers with access to the web interface, because features such as File-Browser and Shell Command (as well as "Set root password") are exposed.
network
eq-3
critical
 9.3
9.3